Sony PlayStation 3 security compromised

It is now possible to run any software you want on the PlayStation 3 game console from Sony Corp., including pirated games.

A group of U.S.-based hackers known as fail0verflow have managed to gain access to the console’s master key and publish how to obtain it online. Sony uses the [formerly] secret key to “sign” legitimate software so the console knows it has been formally approved by the Japanese electronics giant.

Now that the code is publicly available, it can be used to sign any software to make the PS3 believe it has also been approved. That means PlayStation owners can now convince their consoles that illegal pirated versions of popular games are in fact genuine copies.

“The complete console is compromised – there is no recovery from this,” one of the hackers, who goes by the screen name pytey, told the BBC on Wednesday. “Someone is getting into serious trouble at Sony right now.”

Fail0verflow's members consider themselves staunch opponents of unlawful activity such as using pirated game software. The group claims its motivation for hacking the PS3, which it said came as a result of “months” of effort, was to be able to install other operating systems such as Linux and unique “homebrewed” software on their consoles.

It was Sony’s decision to remove OtherOS from the PS3 that made the system a “valid target” for other hackers to start tinkering with the console’s security, pytey explained to BBC News.

Sony used a constant number for each new signature it generated with its own in-house-designed signing software, even though the process requires that number to be randomly generated and not predictable in any way. Once the fail0verflow team had discovered the weakness, it was just a matter of high school algebra to deduce the complete master key.

Unlike the aftermath of the hole exposed by Mr. Hotz last January, which Sony was able to close by releasing a software update, fail0verflow believes this time around Sony will need to replace aspects of physical hardware on the PS3. That could potentially involve a product recall, which would come with a multi-million-dollar price tag for the company.

The latest hack, which was presented last month at the Chaos Communication Congress in Berlin, makes it possible for users of Sony’s hand-held PlayStation Portable [PSP] game console to run pirated software on those devices as well.

While the fail0verflow group has only released its methods for obtaining the master key online and not the actual key, new tools for developing new software using the key are already available.